Protecting Web server and Web applications from malicious requests and unauthorized access
CURRENT THREAT SCENARIO
IIS URL Scan 3.1 is a security tool that restricts the types of HTTP requests that IIS will process. By blocking specific HTTP requests, the URL Scan 3.1 security tool helps to prevent potentially harmful requests from reaching applications on the Web server. URL Scan 3.1 is an update to URL Scan 2.5 and supports IIS 5.1, IIS 6.0, and IIS 7.0 on Windows Vista and Windows Server 2008.
Tomorrow's Technology Today - Web Filtering Solution
WHAT DOES THIS TECHNOLOGY DO?
URL Scan 3.1 screens incoming requests to the server based on rules set by the administrator. URL Scan is configured to filter HTTP querystring values to mitigate SQL injection attacks while the root cause is being fixed in the application. URL Scan provides W3C formatted logs for easier log file analysis.
UrlScan 3.1 can be configured to filter HTTP querystring values and other HTTP headers to mitigate SQL injection attacks while the root cause is being fixed in the application.
UrlScan 3.1 provides W3C formatted logs for easier log file analysis through log parsing solutions like Microsoft Log Parser 2.2. Key features include:
New installer allows UrlScan 3.1 to be installed on IIS 5.1, IIS 6.0, and IIS 7.0
Create "deny" rules independently to the query string, all headers, or a particular header.
A global DenyQueryString section in configuration lets you add deny rules for query strings with the option of checking the un-escaped version of the query string.
A global AlwaysAllowedUrls section in configuration lets you specify safe URLs that will bypassall URL based checks.
A global AlwaysAllowedQueryStrings section in configuration lets you specify safe query strings that will bypass all query string checks.
Escape sequences (e.g., %0A%0D) can be used in deny rules so it is possible to deny CRLF and other sequences involving non-printable characters.
Multiple UrlScan instances can be installed as site filters, each with its own configuration and rules (UrlScan.ini).
Configuration (UrlScan.ini) change notifications are propagated to IIS worker processes.
Enhanced W3C formatted logging gives descriptive configuration errors in the Remarks header.
With IIS URL Scan 3.1, Web server administrators can protect their Web server and Web application investments from malicious requests and unauthorized access by enabling dynamic modification of URLs based on rules defined by the Web server administrator.
One Microsoft Way
Redmond, WA 98052